Add NID_secp384r1 support on parsing UDS public key (10ee304f) · Commits · e / os / android_hardware_interfaces

security/keymint/support/remote_prov_utils.cpp

+6 −5

Original line number	Diff line number	Diff line
		@@ -65,9 +65,9 @@ ErrMsgOr<bytevec> ecKeyGetPrivateKey(const EC_KEY* ecKey) {
		return privKey;
		}

		ErrMsgOr<bytevec> ecKeyGetPublicKey(const EC_KEY* ecKey) {
		ErrMsgOr<bytevec> ecKeyGetPublicKey(const EC_KEY* ecKey, const int nid) {
		// Extract public key.
		auto group = EC_GROUP_Ptr(EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1));
		auto group = EC_GROUP_Ptr(EC_GROUP_new_by_curve_name(nid));
		if (group.get() == nullptr) {
		return "Error creating EC group by curve name";
		}
		@@ -123,11 +123,12 @@ ErrMsgOr<bytevec> getRawPublicKey(const EVP_PKEY_Ptr& pubKey) {
		int keyType = EVP_PKEY_base_id(pubKey.get());
		switch (keyType) {
		case EVP_PKEY_EC: {
		int nid = EVP_PKEY_bits(pubKey.get()) == 384 ? NID_secp384r1 : NID_X9_62_prime256v1;
		auto ecKey = EC_KEY_Ptr(EVP_PKEY_get1_EC_KEY(pubKey.get()));
		if (ecKey.get() == nullptr) {
		return "Failed to get ec key";
		}
		return ecKeyGetPublicKey(ecKey.get());
		return ecKeyGetPublicKey(ecKey.get(), nid);
		}
		case EVP_PKEY_ED25519: {
		bytevec rawPubKey;
		@@ -165,7 +166,7 @@ ErrMsgOr<std::tuple<bytevec, bytevec>> generateEc256KeyPair() {
		auto privKey = ecKeyGetPrivateKey(ec_key.get());
		if (!privKey) return privKey.moveMessage();

		auto pubKey = ecKeyGetPublicKey(ec_key.get());
		auto pubKey = ecKeyGetPublicKey(ec_key.get(), NID_X9_62_prime256v1);
		if (!pubKey) return pubKey.moveMessage();

		return std::make_tuple(pubKey.moveValue(), privKey.moveValue());